.svg)
The European Banking Authority (EBA) has issued a No Action letter aiming to reduce the risk of crypto-asset firms needing to obtain two separate licences for certain payment activities under overlapping European rules.
Following a European Commission request last December, the EBA has officially a No Action letter regarding the EU鈥檚 payments and crypto regimes.
Its goal is to ensure that, in the long term, there is no need for dual authorisation under two pieces of EU law for the activity of transacting electronic money tokens (EMTs).
A No Action letter is formal regulatory guidance used by supervisors to pause on enforcing specific legal requirements in certain cases, usually to avoid regulatory uncertainty or disproportionate burden during transition periods.
The letter focuses on the interplay between the EU鈥檚 existing Payment Services Directive (PSD2) and the recently introduced Markets in Crypto-Assets Regulation (MiCA).
It recommends that national regulators in the European Economic Area (EEA) do not enforce some aspects of PSD2 on crypto-asset service providers (CASPs) dealing in EMTs (a category of crypto-assets designed to maintain stable value against official currencies) until clearer rules are in place.
The EBA warned that if regulators do not take its advice, firms transacting in EMTs could find themselves subject to overlapping and potentially conflicting requirements under PSD2 and MiCA.
In particular, firms could face the disproportionate burden of requiring both a CASP authorisation under MiCA and a payment services licence under PSD2 for effectively the same activity.
A known problem
This issue has been on the minds of regulators in the EU for some time.
For example, while speaking at Blockchain For Europe鈥檚 2023 summit in Brussels, the National Bank of Belgium鈥檚 Anne Chamberod admitted that the 鈥渄ifficult application of PSD2 to the crypto ecosystem鈥 is a question that often comes up.
鈥淲e do have a lot of questions as to 'do I need to apply for a MiCA licence or for a PSD licence?', or 'do I provide customer services for EMT only?', 'do I need to apply strong customer authentication to EMT accounts?',鈥 she said.
鈥淭hese are the types of questions that are key for the sector but also for the regulator.鈥
At the same event, Elisabeth Noble, senior policy advisor at the EBA, acknowledged that she had come across similar issues.
She said there is a 鈥渟erious cohesion question鈥, and suggested that the regulator might issue guidance in the future.
A stop-gap solution
The EBA鈥檚 letter recommends that where EMT-related transactions fall within the definition of a payment service under PSD2, such as when CASPs hold EMTs for clients or facilitate transfers to third parties, national competent authorities should begin requiring licences only after a transition period ending on March 2, 2026.
It adds that even beyond that point, regulators should prioritise some PSD2 requirements, such as fraud reporting and strong customer authentication, while deprioritising others, such as open banking rules and disclosure of fees.
The letter also makes clear that other crypto activities, such as exchanging crypto for fiat or for other crypto-assets, or purchasing crypto-assets with EMTs, should not be treated as payment services under PSD2 at all, meaning they will not require payment services licences.
The EBA鈥檚 intervention is intended as a temporary solution while the EU completes work on its next iteration of payments regulation: the forthcoming PSD3 and the Payment Services Regulation (PSR).
The letter advises lawmakers to use that legislative process to amend MiCA and eliminate the need for dual authorisation in future by bringing consumer protection and prudential rules for EMTs directly into MiCA or otherwise coordinating the frameworks.
The EU鈥檚 banking watchdog has made clear that a failure to resolve the overlap could lead to regulatory confusion, market distortions, gaps in consumer protection, and opportunities for regulatory arbitrage.
Ensuring consumer protection
Despite recommending a pause in enforcement, the EBA rejected the idea of weakening consumer protection for crypto payments altogether.
鈥淭he EBA considers unsatisfactory and undesirable a third potential approach, according to which EMTs are excluded from the scope of the future PSD3 and PSR altogether (for example through a legislative exclusion), and for MiCA not to be strengthened, either,鈥 the authority said in the letter.
鈥淪uch an approach would create confusion, distort a successful EU payments market, create an unlevel playing field, expose consumers to risks that would be more difficult to address than those posed by traditional payment services, and give rise to undesirable opportunities for regulatory arbitrage. The No Action letter does therefore not entertain this further as a legislative option for the future,鈥 the regulator added.
The EBA emphasised that EMT transactions should ultimately be subject to the same high standards that have long governed the EU鈥檚 payments market, regardless of the underlying technology used.
鈥淭he EBA does not base this advice on the conviction that an authorisation as a CASP under MiCA is sufficient to address the risks that arise from EMT transactions. On the contrary: the success of PSD1, PSD2 and EMD over the past 15 years in bringing about a secure and competitive market has shown that for retail payments to be able effectively to fulfil their role in a modern society, market actors need to have confidence in the stability of the market and the reliability of the payment transactions carried out,鈥 it said.
鈥淭he same risks should be mitigated through the same regulatory mitigation measures, irrespective of whether the underlying technology is based on a distributed ledger or conventional systems and processes.鈥
Going forward, the advice to national regulators will remain in place until PSD3 and the PSR come into effect, or unless the EBA reconsiders its position earlier.
A much needed reprieve
The intervention from the EBA, which is not at all unexpected, will be a relief for crypto firms getting accustomed to the EU鈥檚 new regulatory expectations for them.
It is helpful for firms, as it gives them more time to adapt to MiCA鈥檚 requirements without immediately needing a separate payments licence under PSD2.
It also reduces uncertainty and eases the short-term regulatory burden, helping firms plan operational changes, compliance investments, and licensing strategies, while giving EU lawmakers time to resolve overlaps between MiCA and future payments legislation.
The onus is now on them to avoid imposing costly dual licensing and fragmented compliance obligations on firms in the long run, especially given that the trading bloc is trying to encourage more growth and competitiveness.
